Inside the EYE of the TORnado: From Navy spooks to Silk Road

It's hard enough to peel the onion, are you hard enough to eat the core?

Comment TOR is the most widely used system for the provision of anonymity for internet users. I'll look at how TOR came about: its beginnings in the US Navy; growth and use by both pro-democracy freedom fighters and the less savoury elements of the internet; and how the NSA may have managed to peel the onion router for the FBI to help it collar its suspects.

As encryption and communication methods evolved, TOR was no longer required by the government. The Navy let go of the technology in late 2002 and its support was taken over by famed US military bonkers-boffinry bureau DARPA (the Defense Advanced Research Projects Agency). The agency continues to provide funding for onion routing systems to this day, with a budget of over $13m last year (PDF, page 98). It provided funding for the Tor project itself until 2006.

Initially, non-military use of TOR was limited to geeks and people who had a Big Brother complex. Eventually it was adopted by more average but technically literate users.

Elements of the underworld also began to see its usefulness. Silk Road appeared: an underground website that was the Walmart of the drugs world, complete with a seller rating system and a way to use the anonymous cryptocurrency Bitcoin – which is, as yet, untaxed and not regulated by any government – for payment.

TOR was also attractive to freedom advocates around the world, such as those living in repressive regimes where discussion of certain matters was banned and punishable by a stint in a prison camp.

Today TOR provides a way for citizens to securely communicate across the globe using internet services such as chat and web browsing. Anyone can download it, and installation is simple. A word to the wise, though: read the disclaimers and the notes. Privacy is not at zero cost.*

Inside the onion

So what exactly is inside TOR? It's a set of tools that allow users to proxy sensitive data across the TOR network via several hosts, or nodes, between the entry into the TOR world and the exit out of it. On each hop the host in question is decrypting and re-encrypting the packets with its own private key. This means that no node - except the exit node and entry node - knows anything about any intermediate hops. It provides a means to hide communication activity from anyone trying to pry on you en route as all payload of the packet is encrypted.

Tracking users back to exit nodes is exceptionally difficult. It is called the onion protocol because the more you peel back, the less you have... until you have nothing. As the idea and software became popular with more people, it became apparent that operational websites, servers and services were potentially weak links in the chain, as all the information sent to a site was located in a physical place, with potentially traceable records.

Who called the Feds?

The information was only as secure as the host itself, which was vulnerable to search and seizure or compromising of the machine by governments or entities, such as the FBI, which routinely seizes servers in the US or asks other governments to do the same.

An example, although not TOR-related, was the infamous seizure of The Pirate Bay's servers. This issue gave rise to onion sites hidden within the TOR network. Using normal DNS would give away the sites being visited. To defeat this issue, TOR has its own version of a DNS hierarchy: .onion files. So you won't find Google in there, but there are other smaller search engines.

TOR suffers from one major weakness: its speed. There is only so much "dark" bandwidth available. With every user functioning as both an entry and exit node and being on relatively modest connections, the speed used to be akin to dial-up speeds. Also, the nature of ADSL and cable – where upload is only maybe 1/10th of the download speed – compounds the issue of available capacity.

All nodes share their own bandwidth with others, so the more users, the more bandwidth. Users can also create TOR nodes. Whenever someone uses a TOR proxy, they also function as an exit node.

However, some freetards have hooked onto this awesome technology and have taken to trying to torrent through TOR. This is considered a big no-no due to the fact that consuming masses of bandwidth for a bit of common and garden piracy is considered exceptionally bad form.

It also exposes the IP addresses of all of the members of the BitTorrent swarm – which destroys the security of users and jeopardises the people running the end node, not least from the potential attentions of the MPAA - and other less than honest users.